the EUVD comes with a holistic approach and aims for ensuring a high level of interconnection of information sources. It does so by leveraging the open-source software Vulnerability-Lookup which enables a quick correlation of vulnerabilities from multiple known sources. … Utilising the Common Security Advisory Framework (CSAF), a standardised format for vulnerability advisories, the EUVD supports automation in the processing, consumption, and distribution of security advisories.

The EUVD collects and references vulnerability information collected from existing databases (such as MITRE’s CVE DB, GitHub’s Advisory Database, JVN iPedia, GSD-Database), adds additional information via references to advisories and alerts issued by national CSIRTs, mitigation and patching guidelines published by vendors, and enriches it with exploited vulnerability markings (such as CISA KEV) and FIRST’s Exploit Prediction scores (EPSS).

(Note: ENISA has been tasked with establishing the EUVD as outlined in Article 12 of the NIS-2 Directive.)

#cybersecurity